Penetration Testing mailing list archives
Re: [PEN-TEST] Firewall identification and penetration
From: Jeffrey Denton <dentonj () C2I2 COM>
Date: Wed, 6 Sep 2000 22:45:19 -0700
On Wed, 6 Sep 2000, Ben Lull wrote:
Everyone I've worked with (people with 20 years under their belts w/ degrees up the wazoo) to the newbies who picked up a book and learned how to fdisk and fsck never had a clue about security. For example, a previous place I was employeed at had a almost genious administrator... he could fix anything while tweaking performance levels to unbelivable bounds. The problem was, you could break root on the system about 17 different ways (litterally).
If you think about it, computer security has become a hot topic only recently. When the internet first came about, security was not even thought of. It wasn't until the Morris Worm that people even considered computer security. Even then, only the ones that were affected took note ( the sysadmins that had to clean up the mess ). So you had a whole generation of computer users and sysadmins who never learned about computer security until late in their careers. Sometimes it's hard to teach an old dog a new trick. I've worked with one individual who liked to run just about ever service available on his machines ( even if it was not being used ). His thinking ( left over from when he learned about computers ) was it enabled him to come up with solutions to problems quicker. Now days this attitude has some serious problems, but this was not true 10 years ago. Until recently, finding information on computer security was difficult. The only information available was from hackers/crackers/what ever your favorite term is. And the information that was available was not easily digestable. You first had to learn how to break into your system, and then you had to figure out, on your own, how to stop it. Today, it's hard not run accross information on computer security. 10 years ago, this information was hidden in BBS's, obscure sites, and a very few knowledgeable heads. Now it's daily front page news on all of the major web sites. This mainly has to due with ever growing number of computer breakins and the large amount of publicity they are receiving. If we didn't have this problem today, then we would be as clueless and insecure as we were 10 years ago. So when you start complaining about old timers lacking any security awareness, think about where they have come from. Then try to teach those old dogs some new tricks. Jeff
Current thread:
- Re: [PEN-TEST] Firewall identification and penetration Mike Ireton (Sep 02)
- Re: [PEN-TEST] Firewall identification and penetration Ben Lull (Sep 06)
- [PEN-TEST] Evaluating Auditors Abilities Derrick (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Steve (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Domenico De Vitto (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Teicher, Mark (Sep 07)
- Re: [PEN-TEST] Evaluating Auditors Abilities Max Vision (Sep 08)
- Re: [PEN-TEST] Evaluating Auditors Abilities Deri Jones (Sep 08)
- [PEN-TEST] Evaluating Auditors Abilities Derrick (Sep 07)
- Re: [PEN-TEST] Firewall identification and penetration Jeffrey Denton (Sep 07)
- Re: [PEN-TEST] Firewall identification and penetration Gary E. Miller (Sep 07)
- Re: [PEN-TEST] Firewall identification and penetration Ben Lull (Sep 06)